Information Security Management Clause Samples

Information Security Management. Cengage has established a Security Organization, led by the company’s Chief Security Officer and staffed with dedicated security personnel. This organization is independent from the various divisions or business units that manage and operate IT systems within the company. The Security Organization consists of cross-divisional security teams leveraging a multi-disciplinary approach to compliance with cyber and information security standards, operational risk management, client security management, workforce protection and business resilience. Roles and responsibilities have been formally defined in writing for all members of the security team.

Information Security Management. IPSX has utilised the Cyber Essentials certification to assess and develop its cyber security measures and adheres to industry standards in this respect. IPSX has a Patch Management Policy and deploys security patch updates to external software components in a scheduled manner. Unsupported software is removed and software installation is monitored. Clearly defined starter, leaver and mover processes are in place and are adhered to. Anti-malware software is installed on all relevant devices.

Information Security Management iManage has appointed one or more security officers responsible for coordinating and monitoring security rules and procedures. iManage maintains an information security program designed to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. The information security program may be updated from time to time based on changes in applicable legal and regulatory requirements, best practices and industry standards related to privacy and data security.

Information Security Management. The Contractor shall take all reasonable measures necessary to comply with the provisions of the International Standard ISO27001, “The Code of Practice for Information Security Management”, in connection with the provision of the Services.

Information Security Management. A. Security Program i. Includes documented policies or standards appropriate to govern the handling of Protected Data in compliance with the Agreement and with applicable law. ii. Is managed by a senior employee responsible for overseeing and implementing the program. iii. Includes administrative, technical, and physical safeguards reasonably designed to protect the confidentiality, integrity, and availability of Protected Data. iv. Is appropriate to the nature, size, and complexity of RingCentral’s business operations. B. Security Policy Management i. Align with information security established industry standards. ii. Are subject to ongoing review. iii. May be revised to reflect changes in industry best practices. C. Risk Management i. Performs cybersecurity risk assessments to identify threats to their business or operations at least annually. ii. Updates RingCentral policies, procedures and standards as needed to address threats to RingCentral’s business or operations.

Information Security Management iManage maintains an information security program designed to protect Customer Data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. The information security program may be updated from time to time based on changes in applicable legal and regulatory requirements, best practices and industry standards related to privacy and data security.

Information Security Management. 15.1 The Provider shall provide the Administering Authority with either: 15.1.1 such evidence as the Administering Authority may reasonably require that the Provider has been certified and continues to be certified ISO 27001 Information Security Management compliant; or 15.1.2 a valid Cyber Essentials Scheme Basic Certificate, as a condition for the award of a contract(s) under this DPS Agreement. 15.2 Where the Provider continues to process Cyber Essentials Scheme Data during the Term or the contract period of any Contract the Provider shall deliver to the Administering Authority evidence of renewal of a valid Cyber Essentials Scheme Basic Certificate on each anniversary of the first applicable certificate obtained by the Provider under Clause 15.1 (Information Security Management). 15.3 In the event that the Provider fails to comply with Clauses 15.1 or 15.2 (Information Security Management), the Administering Authority reserves the right to terminate this DPS Agreement for material Default.

Information Security Management. 3.1 The Supplier shall ensure that: (a) the roles and responsibilities for information security management are formally identified and documented; (b) there is a formal documented approach to risk management; (c) it carries out regular (and no less than once per annum) a risk assessment of the Services being supplied to GBG; and (d) it has a documented process for resolving security related complaints. 3.2 The Supplier shall appoint an individual (or appropriate group), to co-ordinate and manage the information security programme within their organisation and in accordance with their information security policy. 3.3 The Supplier agrees that any system or process used by the Supplier for (but not limited to) gathering, storing, processing or transmitting GBG Data shall be security assessed and it agrees that: (a) if any vulnerabilities that pose a risk to any GBG Data are discovered during any risk assessment, it shall rectify such vulnerabilities to GBG’s sole satisfaction in the time period agreed by the parties and at the Supplier’s cost; and (b) If it cannot rectify the vulnerability in the system or process as set out in paragraph 3.3(a) above, GBG shall have the right to terminate this Agreement with immediate effect by notice in writing to the Supplier. On receipt of GBG’s notice to terminate the Supplier shall refund GBG any fees or charges paid in advance for Services not yet received. 3.4 In relation to any vulnerabilities mentioned in clause 3.3 (a) above, the Supplier shall ensure it has measures in place to mitigate those vulnerabilities.

Information Security Management. LogicMonitor shall maintain throughout the Term of the Agreement formal information security management program designed to protect the confidentiality, integrity and availability of Customer Data. The program shall be documented and updated based on changes in applicable legal and regulatory requirements related to privacy and data security practices and industry standards.